package com.distribute.framework.core.web.limits;

import com.distribute.framework.core.web.helper.Utils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;



public class LimitsFilter
{
	private static String key="JFKLDSJFODASJFL465456";//密钥	
	
	private static Integer exps[]={128,256,512,1024,2048,4096,8192,16384,32768,65536,131070,262140};

	public void doFilter(ServletRequest req, ServletResponse rep,FilterChain filterChain) throws IOException, ServletException
	{
		FilterLimits((HttpServletRequest) req);
		filterChain.doFilter(req, rep);
	}
	
	public static void FilterLimits(HttpServletRequest request) throws ServletException
	{
		Limits limits = getLimits(request);
		while(limits!=null && limits.referer!=null)
			limits=limits.referer;
		Integer limitsId=limits==null?null:limits.getLimitsId();
		if(limitsId!=null){			
			request.setAttribute("canView", (limitsId & 1)==1);
			request.setAttribute("canQuery",true);
			request.setAttribute("canAdd", (limitsId & 2)==2);
			request.setAttribute("canEdit", (limitsId & 4)==4);
			request.setAttribute("canDel", (limitsId & 8)==8);
			request.setAttribute("canImport", (limitsId & 16)==16);
			request.setAttribute("canExport", (limitsId & 32)==32);
			request.setAttribute("canStats", (limitsId & 64)==64);
			List<Boolean> canExp=new ArrayList();
			for(int i=0;i<exps.length;i++){
				canExp.add((limitsId & exps[i])==exps[i]);
			}
			request.setAttribute("canExp",canExp);
		}
	}
	
	
	/**
	 * jsp页面标签取limit值
	 * @param url
	 * @param view
	 * @param add
	 * @param edit
	 * @param del
	 * @param exp
	 * @return
	 */
	public static String limitids(String url,Boolean view,Boolean add,Boolean edit,Boolean del)
	{
		if(url.indexOf("?")>-1)
			url = url.substring(0, url.indexOf("?"));
		if(url.startsWith("/"))
			url=url.substring(1);
		Integer limitsId=0;
		if(view)
			limitsId|=1;
		if(add)
			limitsId|=2;
		if(edit)
			limitsId|=4;
		if(del)
			limitsId|=8;
		
		if(Utils.equals(Utils.config("limit.debug"), "true"))
			Utils.trace(limitsId,"-",url,limitsId,key);
		
		return limitsId+"-"+new MD5().getMD5ofStr(url+limitsId+key);
	}
	
	/**
	 * jsp页面标签取limit值
	 * @param limitsId
	 * @return
	 */
	public static String limitid(String url,Integer limitsId)
	{	
		if(url.indexOf("?")>-1)
			url = url.substring(0, url.indexOf("?"));
		if(url.startsWith("/"))
			url=url.substring(1);
		return limitsId+"-"+new MD5().getMD5ofStr(url+limitsId+key);
	}
	
	public static void main(String...strings)
	{
		System.out.println(new MD5().getMD5ofStr("system/sys/variable.do"+15+key));
	}
	
	public static Limits getLimits(HttpServletRequest request) throws ServletException
	{
		HttpSession session = request.getSession();		
		String strUrl=request.getServletPath().toString();
		if(strUrl.startsWith("/"))
			strUrl=strUrl.substring(1);
				
		String strlimitsId=Utils.getString("limitsid");		
		if(strlimitsId!=null && !strlimitsId.trim().equals("")){//验证strlimitsId的有效性
			String[] array = strlimitsId.split("-");
			if(array.length!=2)
				throw new ServletException("limitsid 参数错误...");
			Integer limitsId=Integer.parseInt(array[0]);
			if(Utils.equals(Utils.config("limit.debug"), "true"))
				Utils.trace(limitsId,"-",strUrl,limitsId,key);
			//根据地址、权限值、密钥md5匹配后面的加密字符串
			if(!new MD5().getMD5ofStr(strUrl+limitsId+key).equals(array[1]))
				throw new ServletException("limitsid 参数验证失败...");
			Limits limits=new Limits();
			limits.setUrl(strUrl);
			limits.setLimitsId(limitsId);
			session.setAttribute(strUrl, limits);
			return limits;
		}
				
		Limits limits=null;
		limits=(Limits) session.getAttribute(strUrl);
		if(limits!=null)
			return limits;
		
		//根据referer链取limitsId
		String strReferer=request.getHeader("Referer");		
		if(strReferer==null)
			return null;
		strReferer=strReferer.substring(0,strReferer.indexOf("?")==-1?strReferer.length():strReferer.indexOf("?"));
		strReferer=strReferer.substring(strReferer.indexOf("//")+2);
		String contextPath = request.getContextPath()+"/";
		strReferer=strReferer.substring(strReferer.indexOf(contextPath)+contextPath.length());
		if(strUrl.startsWith("/"))
			strUrl=strUrl.substring(1);
		
		limits=(Limits) session.getAttribute(strReferer);
		if(limits==null)
			return null;
		
		Limits selfLimits=new Limits();
		selfLimits.setUrl(strUrl);
		selfLimits.setReferer(limits);
		
		session.setAttribute(strUrl, selfLimits);
				
		return limits;
	}

	public static void setKey(String key)
	{
		LimitsFilter.key = key;
	}
}